Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

GRE over IPSEC problem

i've configured GRE tunnel over IPSEC between two routers on leased line.Tunnel shows port and protocol UP on both of routers but when i'm using command on CLI of router "show session interface tunnel 0", it will give "SESSION STATUS:DOWN" and also unable to see encryption/decryption.

Kindly tell me right solution.

4 REPLIES

Re: GRE over IPSEC problem

First:

crypto map VPN-IND 10 is missing the transform set:

it should look like this:

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.2

match address 101

set transform-set BSF_CISCO

Go ahead and take off the crypto map from the Tunnel0 interface, you only need it on the physical interface on new versions.

Same on the other router:

Missing transform set

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.1

match address 10

set transform-set...<-----HERE

!

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.1

match address 10

set transform-set BSF_CISCO

Remove the crypto map from the Tunnel0 as well and force the tunnel renegotiation.

Re: GRE over IPSEC problem

In your crypto-map, you need to set the transform to use with the tunnel.

New Member

Re: GRE over IPSEC problem

How can we use transform with tunnel.kindly specify me with example for clear concept for me.

Re: GRE over IPSEC problem

you need to go to the crypto map mode by typing:

crypto map seqNO

set transform-set

I pasted the way it should look on my first post.

155
Views
0
Helpful
4
Replies
CreatePlease to create content